Reliable M IX Cascade Networks t hrough Reput at ion Roger D - PowerPoint PPT Presentation

Reliable M IX Cascade Networks t hrough Reput at ion Roger D ingledine, Reput at ion T echnologies Paul Syverson, Naval Research L ab 1

W ays of Improving Reliability � B uild prot ocols wit h provable robust ness guarant ees � Provide economic incent ives for reliability � Add reput at ion t o \ improve" reliability � D ist inct ion between reliability and robust ness 3

Relat ed W ork � M IXes ( Chaum) � Robust M IX-net s ( Flash M ix, Universally Veri� able M IX) � D eployed Remailer Syst ems ( cypherpunks, M ixmast er) � Remailer st at ist ics ( L evien’s st at ist ics, Jack B Nymble 2) 4

T hreat M odel | Adversary can: � Passively read all t ra� c � Compromise some fract ion of t he M IXes ( Insert , modify, delay, or drop messages) 6

Previous paper at Info Hiding 4 � M IXes writ e per-hop receipt s t o prove good service; wit nesses verify and t ally failure claims. B ut : � Global wit nesses are t rust and communicat ion bot t lenecks � O wning high reput at ion nodes means you own more pat hs? 7

W hat ’s a M IX cascade? � Fixed pat h t hrough t he M IX network � L onger cascades ) lower chance all bad nodes ) more anonymity � L onger cascades ) lower chance all good nodes ) less reliability � Cascades provide more defense against int ersect ion at t ack. 8

D esign O verview � Cascades rearrange periodically ( e.g., daily) � A node fails it s own cascade if it det ect s misbehavior � Nodes send t est messages t o monit or t heir cascades � Senders can demonst rat e decrypt ions t o show failure �

Communal Randomness � Goal: collaborat ing nodes cannot predict t he cascades � Cent ralized ( but veri� able) for convenience � All nodes commit , t hen all reveal � B ut nodes can in� uence communal value by not revealing? �

Heurist ics for picking cascades � Increase cost of breaking anonymity

At t ack: Creepe589a/ F15 ( D eat h) ]T J/ F219.833 T f 0 -184.262 -72.727d[( A) �

Need t o limit number of bad nodes in network � Proof of work, proof of bandwidt h not st rong enough � Advogat o t rust met ric: Number of bad nodes cert i� ed is based on number of confused nodes ( good nodes t hat might cert ify bad nodes) � Cert ify by t rustwort hiness, not expect ed performance 13

So how do we choose cascades? � Pick a t arget safety fact or S ( eg 1 in 10 5 pat hs bad) � Choose � rst cascade randomly from large enough pool of high-reput at ion nodes � Replace chosen nodes t o maint ain pool size � W hen pool cont ains all remaining nodes, just build remaining cascades randomly 14

D et ect ing M isbehavior � Ent ry point : Incoming messages reject ed? � Inside cascade: M essages replaced wit h dummy messages? � Exit point : M essages not delivered? 16

D et ect ing M isbehavior at Ent ry Point � Alice can send int o any node. T hey all deliver t o t 0e head. � T hus nodes can insert indist inguishable t est messages � Alice get s a receipt ( if not , s0e t ries elsewhere) � Head publishes bat ch snapshot ( hashes of messages) � If message not in snapshot , receipt proves misbehavior 17

D et ect ing M isbehavior at Exit Point � T ail bounces t ra� c t o all nodes. All nodes deliver. � If insert ed t est message doesn’t arrive, somebody failed. � O pt imize: if t ail collect s a delivery receipt , no broadcast . 19

T est messages � Nodes reuse recipient addresses in t est messages � Reusing addresses helps prot ect against t ime-based int ersect ion at t ack 20

Q uality of Service, Resource M anagement � Nodes send failure messages and hourly heart beat s t o Reput at ion Servers � Users compare advert ised Q oS and reput at ion from each

Fut ure D irect ions � B et t er bandwidt h use �